mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-11-16 06:52:07 +01:00
Merge branch 'master' into admin-interface
commit
9e5fd2d576
12 changed files with 566 additions and 283 deletions
751
Cargo.lock
generated
751
Cargo.lock
generated
File diff suppressed because it is too large
29
Cargo.toml
29
Cargo.toml
|
@ -32,10 +32,10 @@ rocket = { version = "0.5.0-dev", features = ["tls"], default-features = false }
|
||||||
rocket_contrib = "0.5.0-dev"
|
rocket_contrib = "0.5.0-dev"
|
||||||
|
|
||||||
# HTTP client
|
# HTTP client
|
||||||
reqwest = { version = "0.10.10", features = ["blocking", "json"] }
|
reqwest = { version = "0.11.0", features = ["blocking", "json"] }
|
||||||
|
|
||||||
# multipart/form-data support
|
# multipart/form-data support
|
||||||
multipart = { version = "0.17.0", features = ["server"], default-features = false }
|
multipart = { version = "0.17.1", features = ["server"], default-features = false }
|
||||||
|
|
||||||
# WebSockets library
|
# WebSockets library
|
||||||
ws = { version = "0.10.0", package = "parity-ws" }
|
ws = { version = "0.10.0", package = "parity-ws" }
|
||||||
|
@ -47,12 +47,11 @@ rmpv = "0.4.6"
|
||||||
chashmap = "2.2.2"
|
chashmap = "2.2.2"
|
||||||
|
|
||||||
# A generic serialization/deserialization framework
|
# A generic serialization/deserialization framework
|
||||||
serde = "1.0.118"
|
serde = { version = "1.0.123", features = ["derive"] }
|
||||||
serde_derive = "1.0.118"
|
serde_json = "1.0.61"
|
||||||
serde_json = "1.0.60"
|
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
log = "0.4.11"
|
log = "0.4.14"
|
||||||
fern = { version = "0.6.0", features = ["syslog-4"] }
|
fern = { version = "0.6.0", features = ["syslog-4"] }
|
||||||
|
|
||||||
# A safe, extensible ORM and Query builder
|
# A safe, extensible ORM and Query builder
|
||||||
|
@ -63,22 +62,22 @@ diesel_migrations = "1.4.0"
|
||||||
libsqlite3-sys = { version = "0.18.0", features = ["bundled"], optional = true }
|
libsqlite3-sys = { version = "0.18.0", features = ["bundled"], optional = true }
|
||||||
|
|
||||||
# Crypto-related libraries
|
# Crypto-related libraries
|
||||||
rand = "0.7.3"
|
rand = "0.8.3"
|
||||||
ring = "0.16.19"
|
ring = "0.16.19"
|
||||||
|
|
||||||
# UUID generation
|
# UUID generation
|
||||||
uuid = { version = "0.8.1", features = ["v4"] }
|
uuid = { version = "0.8.2", features = ["v4"] }
|
||||||
|
|
||||||
# Date and time libraries
|
# Date and time libraries
|
||||||
chrono = "0.4.19"
|
chrono = "0.4.19"
|
||||||
chrono-tz = "0.5.3"
|
chrono-tz = "0.5.3"
|
||||||
time = "0.2.23"
|
time = "0.2.25"
|
||||||
|
|
||||||
# TOTP library
|
# TOTP library
|
||||||
oath = "0.10.2"
|
oath = "0.10.2"
|
||||||
|
|
||||||
# Data encoding library
|
# Data encoding library
|
||||||
data-encoding = "2.3.1"
|
data-encoding = "2.3.2"
|
||||||
|
|
||||||
# JWT library
|
# JWT library
|
||||||
jsonwebtoken = "7.2.0"
|
jsonwebtoken = "7.2.0"
|
||||||
|
@ -100,19 +99,19 @@ num-traits = "0.2.14"
|
||||||
num-derive = "0.3.3"
|
num-derive = "0.3.3"
|
||||||
|
|
||||||
# Email libraries
|
# Email libraries
|
||||||
lettre = { version = "0.10.0-alpha.4", features = ["smtp-transport", "builder", "serde", "native-tls", "hostname", "tracing"], default-features = false }
|
lettre = { version = "0.10.0-alpha.5", features = ["smtp-transport", "builder", "serde", "native-tls", "hostname", "tracing"], default-features = false }
|
||||||
newline-converter = "0.1.0"
|
newline-converter = "0.1.0"
|
||||||
|
|
||||||
# Template library
|
# Template library
|
||||||
handlebars = { version = "3.5.1", features = ["dir_source"] }
|
handlebars = { version = "3.5.2", features = ["dir_source"] }
|
||||||
|
|
||||||
# For favicon extraction from main website
|
# For favicon extraction from main website
|
||||||
soup = "0.5.0"
|
soup = "0.5.0"
|
||||||
regex = "1.4.2"
|
regex = { version = "1.4.3", features = ["std", "perf"], default-features = false }
|
||||||
data-url = "0.1.0"
|
data-url = "0.1.0"
|
||||||
|
|
||||||
# Used by U2F, JWT and Postgres
|
# Used by U2F, JWT and Postgres
|
||||||
openssl = "0.10.31"
|
openssl = "0.10.32"
|
||||||
|
|
||||||
# URL encoding library
|
# URL encoding library
|
||||||
percent-encoding = "2.1.0"
|
percent-encoding = "2.1.0"
|
||||||
|
@ -123,7 +122,7 @@ idna = "0.2.0"
|
||||||
structopt = "0.3.21"
|
structopt = "0.3.21"
|
||||||
|
|
||||||
# Logging panics to logfile instead stderr only
|
# Logging panics to logfile instead stderr only
|
||||||
backtrace = "0.3.55"
|
backtrace = "0.3.56"
|
||||||
|
|
||||||
# Macro ident concatenation
|
# Macro ident concatenation
|
||||||
paste = "1.0.4"
|
paste = "1.0.4"
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
{% set build_stage_base_image = "rust:1.48" %}
|
{% set build_stage_base_image = "rust:1.48" %}
|
||||||
{% if "alpine" in target_file %}
|
{% if "alpine" in target_file %}
|
||||||
{% if "amd64" in target_file %}
|
{% if "amd64" in target_file %}
|
||||||
{% set build_stage_base_image = "clux/muslrust:nightly-2020-11-22" %}
|
{% set build_stage_base_image = "clux/muslrust:nightly-2021-01-25" %}
|
||||||
{% set runtime_stage_base_image = "alpine:3.12" %}
|
{% set runtime_stage_base_image = "alpine:3.12" %}
|
||||||
{% set package_arch_target = "x86_64-unknown-linux-musl" %}
|
{% set package_arch_target = "x86_64-unknown-linux-musl" %}
|
||||||
{% elif "armv7" in target_file %}
|
{% elif "armv7" in target_file %}
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
FROM bitwardenrs/web-vault@sha256:57af3fd71706bf6a594488d809ec73f04f77f3f5e97f72fab74c681c4f5a5272 as vault
|
FROM bitwardenrs/web-vault@sha256:57af3fd71706bf6a594488d809ec73f04f77f3f5e97f72fab74c681c4f5a5272 as vault
|
||||||
|
|
||||||
########################## BUILD IMAGE ##########################
|
########################## BUILD IMAGE ##########################
|
||||||
FROM clux/muslrust:nightly-2020-11-22 as build
|
FROM clux/muslrust:nightly-2021-01-25 as build
|
||||||
|
|
||||||
# Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time.
|
# Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time.
|
||||||
ARG DB=sqlite,postgresql
|
ARG DB=sqlite,postgresql
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
nightly-2020-11-22
|
nightly-2021-01-25
|
|
@ -19,13 +19,12 @@ static SHOW_WEBSOCKETS_MSG: AtomicBool = AtomicBool::new(true);
|
||||||
|
|
||||||
#[get("/hub")]
|
#[get("/hub")]
|
||||||
fn websockets_err() -> EmptyResult {
|
fn websockets_err() -> EmptyResult {
|
||||||
if CONFIG.websocket_enabled() && SHOW_WEBSOCKETS_MSG.compare_and_swap(true, false, Ordering::Relaxed) {
|
if CONFIG.websocket_enabled() && SHOW_WEBSOCKETS_MSG.compare_exchange(true, false, Ordering::Relaxed, Ordering::Relaxed).is_ok() {
|
||||||
err!(
|
err!("
|
||||||
"###########################################################
|
###########################################################
|
||||||
'/notifications/hub' should be proxied to the websocket server or notifications won't work.
|
'/notifications/hub' should be proxied to the websocket server or notifications won't work.
|
||||||
Go to the Wiki for more info, or disable WebSockets setting WEBSOCKET_ENABLED=false.
|
Go to the Wiki for more info, or disable WebSockets setting WEBSOCKET_ENABLED=false.
|
||||||
###########################################################################################"
|
###########################################################################################\n")
|
||||||
)
|
|
||||||
} else {
|
} else {
|
||||||
Err(Error::empty())
|
Err(Error::empty())
|
||||||
}
|
}
|
||||||
|
|
|
@ -557,6 +557,10 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
|
||||||
err!("Both `SMTP_HOST` and `SMTP_FROM` need to be set for email support")
|
err!("Both `SMTP_HOST` and `SMTP_FROM` need to be set for email support")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !cfg.smtp_from.contains('@') {
|
||||||
|
err!("SMTP_FROM does not contain a mandatory @ sign")
|
||||||
|
}
|
||||||
|
|
||||||
if cfg.smtp_username.is_some() != cfg.smtp_password.is_some() {
|
if cfg.smtp_username.is_some() != cfg.smtp_password.is_some() {
|
||||||
err!("Both `SMTP_USERNAME` and `SMTP_PASSWORD` need to be set to enable email authentication")
|
err!("Both `SMTP_USERNAME` and `SMTP_PASSWORD` need to be set to enable email authentication")
|
||||||
}
|
}
|
||||||
|
|
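Review bot: The new `SMTP_FROM` check runs unconditionally as far as this hunk shows, and it only tests for the presence of an `@`. The error message just above it implies that leaving both `SMTP_HOST` and `SMTP_FROM` unset is a valid configuration, so if `smtp_from` defaults to an empty string, an instance without mail would now fail validation. Gating it as `if cfg.smtp_host.is_some() && !cfg.smtp_from.contains('@') {` would avoid that; any enclosing condition lies outside the hunk, so confirm. Values such as `user@` or `a@b@c` also pass, and `send_email` in src/mail.rs now derives the Message-ID domain from this setting, so a stricter check (exactly one `@`, both parts non-empty) is worth considering. `validate_config` starts and ends outside the hunk.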
|
@ -67,7 +67,7 @@ pub fn generate_token(token_size: u32) -> Result<String, Error> {
|
||||||
// token of fixed width, left-padding with 0 as needed.
|
// token of fixed width, left-padding with 0 as needed.
|
||||||
use rand::{thread_rng, Rng};
|
use rand::{thread_rng, Rng};
|
||||||
let mut rng = thread_rng();
|
let mut rng = thread_rng();
|
||||||
let number: u64 = rng.gen_range(low, high);
|
let number: u64 = rng.gen_range(low..high);
|
||||||
let token = format!("{:0size$}", number, size = token_size as usize);
|
let token = format!("{:0size$}", number, size = token_size as usize);
|
||||||
|
|
||||||
Ok(token)
|
Ok(token)
|
||||||
|
|
26
src/mail.rs
26
src/mail.rs
|
@ -302,30 +302,32 @@ fn send_email(address: &str, subject: &str, body_html: &str, body_text: &str) ->
|
||||||
|
|
||||||
let address = format!("{}@{}", address_split[1], domain_puny);
|
let address = format!("{}@{}", address_split[1], domain_puny);
|
||||||
|
|
||||||
let html = SinglePart::base64()
|
let html = SinglePart::builder()
|
||||||
|
// We force Base64 encoding because in the past we had issues with different encodings.
|
||||||
|
.header(header::ContentTransferEncoding::Base64)
|
||||||
.header(header::ContentType("text/html; charset=utf-8".parse()?))
|
.header(header::ContentType("text/html; charset=utf-8".parse()?))
|
||||||
.body(body_html);
|
.body(String::from(body_html));
|
||||||
|
|
||||||
let text = SinglePart::base64()
|
let text = SinglePart::builder()
|
||||||
|
// We force Base64 encoding because in the past we had issues with different encodings.
|
||||||
|
.header(header::ContentTransferEncoding::Base64)
|
||||||
.header(header::ContentType("text/plain; charset=utf-8".parse()?))
|
.header(header::ContentType("text/plain; charset=utf-8".parse()?))
|
||||||
.body(body_text);
|
.body(String::from(body_text));
|
||||||
|
|
||||||
// The boundary generated by Lettre it self is mostly too large based on the RFC822, so we generate one our selfs.
|
|
||||||
use uuid::Uuid;
|
|
||||||
let unique_id = Uuid::new_v4().to_simple();
|
|
||||||
let boundary = format!("_Part_{}_", unique_id);
|
|
||||||
let alternative = MultiPart::alternative().boundary(boundary).singlepart(text).singlepart(html);
|
|
||||||
let smtp_from = &CONFIG.smtp_from();
|
let smtp_from = &CONFIG.smtp_from();
|
||||||
|
|
||||||
let email = Message::builder()
|
let email = Message::builder()
|
||||||
.message_id(Some(format!("<{}.{}>", unique_id, smtp_from)))
|
.message_id(Some(format!("<{}@{}>", crate::util::get_uuid(), smtp_from.split('@').collect::<Vec<&str>>()[1] )))
|
||||||
.to(Mailbox::new(None, Address::from_str(&address)?))
|
.to(Mailbox::new(None, Address::from_str(&address)?))
|
||||||
.from(Mailbox::new(
|
.from(Mailbox::new(
|
||||||
Some(CONFIG.smtp_from_name()),
|
Some(CONFIG.smtp_from_name()),
|
||||||
Address::from_str(smtp_from)?,
|
Address::from_str(smtp_from)?,
|
||||||
))
|
))
|
||||||
.subject(subject)
|
.subject(subject)
|
||||||
.multipart(alternative)?;
|
.multipart(
|
||||||
|
MultiPart::alternative()
|
||||||
|
.singlepart(text)
|
||||||
|
.singlepart(html)
|
||||||
|
)?;
|
||||||
|
|
||||||
match mailer().send(&email) {
|
match mailer().send(&email) {
|
||||||
Ok(_) => Ok(()),
|
Ok(_) => Ok(()),
|
||||||
|
|
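Review bot: The new `message_id` expression indexes `smtp_from.split('@').collect::<Vec<&str>>()[1]`, which panics when `SMTP_FROM` has no `@` and picks the wrong segment when it has more than one. The `validate_config` change in this commit rejects values without an `@`, but this function then depends on that check having run for every way the setting can change. Taking the last segment without indexing removes the panic path: `smtp_from.rsplit('@').next().unwrap_or_default()`. `send_email` starts and ends outside the hunk.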
|
@ -6,7 +6,7 @@ extern crate openssl;
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate rocket;
|
extern crate rocket;
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate serde_derive;
|
extern crate serde;
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate serde_json;
|
extern crate serde_json;
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
|
|
|
@ -508,7 +508,8 @@
|
||||||
"disneymoviesanywhere.com",
|
"disneymoviesanywhere.com",
|
||||||
"go.com",
|
"go.com",
|
||||||
"disney.com",
|
"disney.com",
|
||||||
"dadt.com"
|
"dadt.com",
|
||||||
|
"disneyplus.com"
|
||||||
],
|
],
|
||||||
"Excluded": false
|
"Excluded": false
|
||||||
},
|
},
|
||||||
|
@ -885,5 +886,13 @@
|
||||||
"yandex.uz"
|
"yandex.uz"
|
||||||
],
|
],
|
||||||
"Excluded": false
|
"Excluded": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Type": 84,
|
||||||
|
"Domains": [
|
||||||
|
"sonyentertainmentnetwork.com",
|
||||||
|
"sony.com"
|
||||||
|
],
|
||||||
|
"Excluded": false
|
||||||
}
|
}
|
||||||
]
|
]
|
|
@ -10,16 +10,17 @@ import urllib.request
|
||||||
|
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
|
|
||||||
if len(sys.argv) != 2:
|
if not (2 <= len(sys.argv) <= 3):
|
||||||
print("usage: %s <OUTPUT-FILE>" % sys.argv[0])
|
print("usage: %s <OUTPUT-FILE> [GIT-REF]" % sys.argv[0])
|
||||||
print()
|
print()
|
||||||
print("This script generates a global equivalent domains JSON file from")
|
print("This script generates a global equivalent domains JSON file from")
|
||||||
print("the upstream Bitwarden source repo.")
|
print("the upstream Bitwarden source repo.")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
OUTPUT_FILE = sys.argv[1]
|
OUTPUT_FILE = sys.argv[1]
|
||||||
|
GIT_REF = 'master' if len(sys.argv) == 2 else sys.argv[2]
|
||||||
|
|
||||||
BASE_URL = 'https://github.com/bitwarden/server/raw/master'
|
BASE_URL = 'https://github.com/bitwarden/server/raw/%s' % GIT_REF
|
||||||
ENUMS_URL = '%s/src/Core/Enums/GlobalEquivalentDomainsType.cs' % BASE_URL
|
ENUMS_URL = '%s/src/Core/Enums/GlobalEquivalentDomainsType.cs' % BASE_URL
|
||||||
DOMAIN_LISTS_URL = '%s/src/Core/Utilities/StaticStore.cs' % BASE_URL
|
DOMAIN_LISTS_URL = '%s/src/Core/Utilities/StaticStore.cs' % BASE_URL
|
||||||
|
|
||||||
|
|
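Review bot: `GIT_REF` comes straight from `sys.argv[2]` and is interpolated into `BASE_URL` without URL-quoting, so a ref containing `?`, `#` or whitespace produces a different URL than intended and the script would fetch and parse whatever that returns. Quoting it keeps the ref confined to the path: `BASE_URL = 'https://github.com/bitwarden/server/raw/%s' % urllib.parse.quote(GIT_REF, safe='/')`. A short comment on `GIT_REF` saying that a tag or commit SHA gives a reproducible output file, while the default `master` tracks a moving branch, would also help. The import block is only partly visible in the hunk, so confirm `urllib.parse` is available there.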